by 安全扫描
OpenClaw
可疑
high confidenceThe skill does what it says (controls Revit via an openclaw bridge) and the required env/config are reasonable, but there are inconsistencies in the declared metadata and the skill can autonomously execute potentially destructive Revit commands without built-in confirmation — exercise caution.
评估建议
This skill appears to be what it says: it calls a Revit MCP service via a local openclaw-bridge. Before installing, do the following: (1) Verify and set REVIT_MCP_URL and OPENCLAW_BRIDGE_DIR in your environment — the registry metadata currently doesn't list them, so the SKILL.md is the authoritative source. (2) Only use on a trusted network where the Linux host can reach the Windows Revit MCP port. (3) Treat it as potentially destructive: test in a non-production Revit project first and enable a...详细分析 ▾
ℹ 用途与能力
Name and description match the implementation: the skill calls a local openclaw-bridge to talk to a Revit MCP service. The script and SKILL.md expect REVIT_MCP_URL and OPENCLAW_BRIDGE_DIR which are appropriate for this purpose. However the registry metadata earlier said "Required env vars: none" while SKILL.md declares two required env vars — an inconsistency that should be resolved.
⚠ 指令范围
SKILL.md instructs automatic activation on Revit-related keywords and to call the remote Revit MCP service to run commands (including commands that modify or delete elements). The document explicitly warns about destructive operations but the default behavior (automatic activation + no command-execution confirmation by default) risks accidental destructive changes. Instructions do not ask to read unrelated system files or secrets, but they do require network access to a Windows host on port 18181.
✓ 安装机制
This is instruction-only with a small helper script; there is no download/install spec. The script invokes the local openclaw-bridge repo via 'uv run' in the configured directory — this is consistent with the stated workflow and doesn't pull arbitrary remote binaries in the skill itself.
ℹ 凭证需求
The only environment/config items used are REVIT_MCP_URL and OPENCLAW_BRIDGE_DIR, which are appropriate and low-privilege (no API keys or secrets requested). The mismatch between registry metadata (which listed no required env vars) and SKILL.md declarations should be fixed so users know what to set.
⚠ 持久化与权限
always:false (good) and model invocation is allowed (normal). However, because the skill is configured to auto-trigger on keywords and can execute modifying commands on a remote Revit instance, autonomous invocation increases the risk of unintended destructive actions. Recommend enabling explicit command-confirmation before making changes and restricting automatic activation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/19
Fix ClawHub review issues: add env vars declaration and security warnings
● 无害
安装命令 点击复制
官方npx clawhub@latest install copilot-for-revit
镜像加速npx clawhub@latest install copilot-for-revit --registry https://cn.clawhub-mirror.com
技能文档
自动检测 Revit 相关意图,通过 openclaw-bridge 调用远程 Revit MCP 服务。
⚠️ 安全警告
此 skill 可以执行修改 Revit 项目的命令(如删除元素、修改参数、生成图纸等)。
- 请确保在信任的网络环境中使用
- 建议先在测试项目中验证
- 如需命令执行确认,可在 OpenClaw 配置中启用命令确认机制
前置条件
- Windows 端已配置好 Copilot for Revit(参考 快速开始指南)
- Linux 端已安装 openclaw-bridge(
git clone https://github.com/ryanchan720/openclaw-bridge) - 网络互通:Linux 能访问 Windows 的 18181 端口
配置
环境变量
| 变量 | 说明 | 默认值 |
|---|---|---|
REVIT_MCP_URL | Revit MCP 服务地址 | http://localhost:18181 |
OPENCLAW_BRIDGE_DIR | openclaw-bridge 仓库路径 | ~/repos/openclaw-bridge |
~/.bashrc 或 ~/.zshrc 中配置:export REVIT_MCP_URL="http://192.168.1.100:18181"
export OPENCLAW_BRIDGE_DIR="$HOME/repos/openclaw-bridge"
验证
# 测试连通性
curl $REVIT_MCP_URL/sse# 或使用 bridge CLI
cd $OPENCLAW_BRIDGE_DIR
uv run python -m openclaw_bridge.cli health
使用方式
自动检测(推荐)
直接在聊天中提及 Revit 相关操作:
用户: Revit 在线吗?
OpenClaw: [自动调用 health 检查]用户: 帮我看看 Revit 里有哪些可用命令
OpenClaw: [自动调用 tools list]
用户: 帮我在当前视图里创建梁标记
OpenClaw: [自动匹配 TagBeamCommand 并调用]
显式调用
明确指定要使用的工具:
用户: 用 GetEnvInfoCommand 查看一下环境信息
OpenClaw: [调用指定工具]
触发关键词
当用户消息包含以下关键词时自动激活:
- Revit
- 图纸 / 标注 / 视图 / 元素
- 墙 / 门 / 窗 / 梁 / 柱
- 标高 / 房间
- 以及从
tools list动态获取的所有工具名称
错误处理
| 错误 | 提示 |
|---|---|
| Revit 不在线 | 提示用户启动 Revit 或检查网络 |
| Revit is not ready | 提示用户打开项目文件 |
| 工具不存在 | 列出可用工具供用户选择 |
| 参数缺失 | 向用户询问缺失的参数 |
注意事项
- Revit 必须打开项目:大多数命令需要在打开
.rvt文件后才能执行 - 同步执行:当前为同步调用,长耗时命令可能需要等待
- 网络依赖:需要 Linux 主机能访问 Windows 的 18181 端口
相关链接
- Copilot for Revit - 主框架
- openclaw-bridge - 桥接器
- 通用命令插件 - 开箱即用的命令
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制